diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index fcc873499..0e4a50ee6 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -52,3 +52,5 @@ allow mediaprovider_app proc_filesystems:file r_file_perms;
 get_prop(mediaprovider_app, storage_config_prop)
 get_prop(mediaprovider_app, drm_service_config_prop)
+
+allow mediaprovider_app gpu_device:dir search;
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
index 372bde685..caa2e7ade 100644
--- a/private/mediatranscoding.te
+++ b/private/mediatranscoding.te
@@ -39,6 +39,11 @@ allow mediatranscoding shell_data_file:file { getattr read write };
 # allow mediatranscoding service write permission to statsd socket
 unix_socket_send(mediatranscoding, statsdw, statsd)
+allow mediatranscoding gpu_device:dir search;
+
+# Allow mediatranscoding service to access media-related system properties
+get_prop(mediatranscoding, media_config_prop)
+
 # mediatranscoding should never execute any executable without a
 # domain transition
 neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 1e6ba0fdf..5f8187530 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -18,3 +18,5 @@ allow permissioncontroller_app radio_service:service_manager find;
 allow permissioncontroller_app incident_service:service_manager find;
 binder_call(permissioncontroller_app, incidentd)
 allow permissioncontroller_app incidentd:fifo_file { read write };
+
+allow permissioncontroller_app gpu_device:dir search;
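Review bot: The new `allow mediaprovider_app gpu_device:dir search;` has no comment saying why this domain must traverse the GPU device directory, and the same uncommented rule is added for mediatranscoding and permissioncontroller_app in the other two hunks. Each grant extends what a privileged domain can reach on the GPU driver path, so the reason belongs next to the rule; a line such as `# Allow path lookup through the gpu_device directory (reason / bug: <BUG_ID placeholder>)` above each one would do. The grant is limited to `search`, which permits only path traversal, and the comment could say that listing the directory is not intended, so a later edit does not quietly widen it to `r_dir_perms`. Whether these domains already hold `gpu_device:chr_file` access is not visible in these hunks, so it is worth confirming that the directory rule is paired with a node each domain may actually open.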
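Review bot: The comment above `get_prop(mediatranscoding, media_config_prop)` says "media-related system properties", but the rule grants read access to a single property type. Naming that type keeps the comment accurate if other property grants are added later, for example `# Allow mediatranscoding to read media_config_prop`. This grant is unrelated to the GPU directory rule added in the same hunk, so giving each rule its own comment keeps the two reasons separate for an auditor reading the policy.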